feat: Generate config and secret hash for application mounting external k8s secrets (#5626)

* feat: Generate config and secret hash for application mounting external k8s secrets

* feat: reverted changes in charts file

* chore: refactoring

* updated: common-lib version

* updated: run with ctx

* updated common-lib version

* fix: invalid request

* feat: handling for KubernetesSecret only. excluding KubernetesExternalSecret

* chore: skipping error

* common-lib version upgrade and hash creation from data fileds only

Author: Ash-exp

api/bean/ConfigMapAndSecret.go

@@ -32,6 +32,7 @@ type ConfigMapJson struct {
 type ConfigSecretRootJson struct {
 	ConfigSecretJson ConfigSecretJson `json:"ConfigSecrets"`
 }
+
 type ConfigSecretJson struct {
 	Enabled bool               `json:"enabled"`
 	Secrets []*ConfigSecretMap `json:"secrets"`

go.mod

@@ -22,7 +22,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1
 	github.com/deckarep/golang-set v1.8.0
 	github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8
-	github.com/devtron-labs/common-lib v0.0.25-0.20240809073131-5cefb0e8a93a
+	github.com/devtron-labs/common-lib v0.0.25-0.20240812080926-4926120ea08d
 	github.com/devtron-labs/go-bitbucket v0.9.60-beta
 	github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80
 	github.com/evanphx/json-patch v5.7.0+incompatible

go.sum

@@ -195,8 +195,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8 h1:2+Q7Jdhpo/uMiaQiZZzAh+ZX7wEJIFuMFG6DEiMuo64=
 github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8/go.mod h1:702R6WIf5y9UzKGoCGxQ+x3l5Ws+l0fXg2xlCpSGFZI=
-github.com/devtron-labs/common-lib v0.0.25-0.20240809073131-5cefb0e8a93a h1:VebYW3ZIz85sZedsG1wRAaV3V4B2Bx26XXpG8T9VfAA=
-github.com/devtron-labs/common-lib v0.0.25-0.20240809073131-5cefb0e8a93a/go.mod h1:a7aCClaxYfnyYEENSe1RnkQCeW2AwmCAPYsuvgk0aW0=
+github.com/devtron-labs/common-lib v0.0.25-0.20240812080926-4926120ea08d h1:/HZhYZVP+zQfbohq9Mxz3IX4rDjt0tokPll5zhh5gC8=
+github.com/devtron-labs/common-lib v0.0.25-0.20240812080926-4926120ea08d/go.mod h1:a7aCClaxYfnyYEENSe1RnkQCeW2AwmCAPYsuvgk0aW0=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta/go.mod h1:GnuiCesvh8xyHeMCb+twm8lBR/kQzJYSKL28ZfObp1Y=
 github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80 h1:xwbTeijNTf4/j1v+tSfwVqwLVnReas/NqEKeQHvSTys=

pkg/bean/app.go

@@ -948,3 +948,12 @@ const CustomAutoScalingEnabledPathKey = "CUSTOM_AUTOSCALING_ENABLED_PATH"
 const CustomAutoscalingReplicaCountPathKey = "CUSTOM_AUTOSCALING_REPLICA_COUNT_PATH"
 const CustomAutoscalingMinPathKey = "CUSTOM_AUTOSCALING_MIN_PATH"
 const CustomAutoscalingMaxPathKey = "CUSTOM_AUTOSCALING_MAX_PATH"
+
+type JsonPath string
+
+func (j JsonPath) String() string {
+	return string(j)
+}
+
+const ConfigHashPathKey JsonPath = "devtronInternal.containerSpecs.ConfigHash"
+const SecretHashPathKey JsonPath = "devtronInternal.containerSpecs.SecretHash"

pkg/deployment/manifest/ManifestCreationService.go

@@ -33,7 +33,7 @@ const (
 	ProjectNameDevtronLabel = "api.devtron.ai/project"
 )
 
-type ConfigMapAndSecretJsonV2 struct {
+type GetMergedCmAndCsJsonV2Request struct {
 	AppId                                 int
 	EnvId                                 int
 	PipeLineId                            int
@@ -42,3 +42,9 @@ type ConfigMapAndSecretJsonV2 struct {
 	WfrIdForDeploymentWithSpecificTrigger int
 	Scope                                 resourceQualifiers.Scope
 }
+
+type MergedCmAndCsJsonV2Response struct {
+	MergedJson     []byte
+	ExternalCmList []string
+	ExternalCsList []string
+}

pkg/deployment/manifest/bean/bean.go

@@ -152,8 +152,8 @@ func GetAutoScalingReplicaCount(templateMap map[string]interface{}, appName stri
 
 }
 
-func CreateConfigMapAndSecretJsonRequest(overrideRequest *bean.ValuesOverrideRequest, envOverride *chartConfig.EnvConfigOverride, chartVersion string, scope resourceQualifiers.Scope) bean3.ConfigMapAndSecretJsonV2 {
-	request := bean3.ConfigMapAndSecretJsonV2{
+func NewMergedCmAndCsJsonV2Request(overrideRequest *bean.ValuesOverrideRequest, envOverride *chartConfig.EnvConfigOverride, chartVersion string, scope resourceQualifiers.Scope) bean3.GetMergedCmAndCsJsonV2Request {
+	request := bean3.GetMergedCmAndCsJsonV2Request{
 		AppId:                                 overrideRequest.AppId,
 		EnvId:                                 envOverride.TargetEnvironment,
 		PipeLineId:                            overrideRequest.PipelineId,
@@ -165,6 +165,14 @@ func CreateConfigMapAndSecretJsonRequest(overrideRequest *bean.ValuesOverrideReq
 	return request
 }
 
+func NewMergedCmAndCsJsonV2Response() *bean3.MergedCmAndCsJsonV2Response {
+	return &bean3.MergedCmAndCsJsonV2Response{
+		MergedJson:     []byte("{}"),
+		ExternalCsList: make([]string, 0),
+		ExternalCmList: make([]string, 0),
+	}
+}
+
 func GetScopeForVariables(overrideRequest *bean.ValuesOverrideRequest, envOverride *chartConfig.EnvConfigOverride) resourceQualifiers.Scope {
 	scope := resourceQualifiers.Scope{
 		AppId:     overrideRequest.AppId,

pkg/deployment/manifest/helper/helper.go

@@ -24,19 +24,20 @@ import (
 	k8sCommonBean "github.com/devtron-labs/common-lib/utils/k8s/commonBean"
 	"github.com/devtron-labs/devtron/api/bean"
 	helmBean "github.com/devtron-labs/devtron/api/helm-app/service/bean"
-	util2 "github.com/devtron-labs/devtron/internal/util"
+	internalUtil "github.com/devtron-labs/devtron/internal/util"
 	"github.com/devtron-labs/devtron/pkg/argoApplication"
 	"github.com/devtron-labs/devtron/pkg/cluster"
 	bean3 "github.com/devtron-labs/devtron/pkg/k8s/application/bean"
 	"github.com/devtron-labs/devtron/util"
 	"go.opentelemetry.io/otel"
 	"go.uber.org/zap"
+	apiV1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/kubernetes"
-	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	clientV1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 	"net/http"
 	"strconv"
@@ -46,15 +47,17 @@ import (
 
 type K8sCommonService interface {
 	GetResource(ctx context.Context, request *ResourceRequestBean) (resp *ResourceGetResponse, err error)
+	GetDataFromConfigMaps(ctx context.Context, request *CmCsRequestBean) (map[string]*apiV1.ConfigMap, error)
+	GetDataFromSecrets(ctx context.Context, request *CmCsRequestBean) (map[string]*apiV1.Secret, error)
 	UpdateResource(ctx context.Context, request *ResourceRequestBean) (resp *k8s.ManifestResponse, err error)
 	DeleteResource(ctx context.Context, request *ResourceRequestBean) (resp *k8s.ManifestResponse, err error)
 	ListEvents(ctx context.Context, request *ResourceRequestBean) (*k8s.EventsResponse, error)
 	GetRestConfigByClusterId(ctx context.Context, clusterId int) (*rest.Config, error, *cluster.ClusterBean)
 	GetManifestsByBatch(ctx context.Context, request []ResourceRequestBean) ([]BatchResourceResponse, error)
 	FilterK8sResources(ctx context.Context, resourceTreeInf map[string]interface{}, appDetail bean.AppDetailContainer, appId string, kindsToBeFiltered []string, externalArgoAppName string) []ResourceRequestBean
 	RotatePods(ctx context.Context, request *RotatePodRequest) (*RotatePodResponse, error)
-	GetCoreClientByClusterId(clusterId int) (*kubernetes.Clientset, *v1.CoreV1Client, error)
-	GetCoreClientByClusterIdForExternalArgoApps(req *cluster.EphemeralContainerRequest) (*kubernetes.Clientset, *v1.CoreV1Client, error)
+	GetCoreClientByClusterId(clusterId int) (*kubernetes.Clientset, *clientV1.CoreV1Client, error)
+	GetCoreClientByClusterIdForExternalArgoApps(req *cluster.EphemeralContainerRequest) (*kubernetes.Clientset, *clientV1.CoreV1Client, error)
 	GetK8sServerVersion(clusterId int) (*version.Info, error)
 	PortNumberExtraction(resp []BatchResourceResponse, resourceTree map[string]interface{}) map[string]interface{}
 	GetRestConfigOfCluster(ctx context.Context, request *ResourceRequestBean) (*rest.Config, error)
@@ -113,6 +116,54 @@ func (impl *K8sCommonServiceImpl) GetResource(ctx context.Context, request *Reso
 	return response, nil
 }
 
+func (impl *K8sCommonServiceImpl) GetDataFromConfigMaps(ctx context.Context, request *CmCsRequestBean) (map[string]*apiV1.ConfigMap, error) {
+	newCtx, span := otel.Tracer("orchestrator").Start(ctx, "K8sCommonServiceImpl.GetDataFromConfigMaps")
+	defer span.End()
+	response := make(map[string]*apiV1.ConfigMap, len(request.GetExternalCmList()))
+	if len(request.GetExternalCmList()) == 0 {
+		return response, nil
+	}
+	_, v1Client, err := impl.GetCoreClientByClusterId(request.GetClusterId())
+	if err != nil {
+		impl.logger.Errorw("error in getting coreV1 client by clusterId", "clusterId", request.clusterId, "err", err)
+		return nil, err
+	}
+	// using for loop instead of getting all configMaps at once since request.GetExternalCmList() will be small
+	for _, cmName := range request.GetExternalCmList() {
+		configMap, err := impl.K8sUtil.GetConfigMapWithCtx(newCtx, request.GetNamespace(), cmName, v1Client)
+		if err != nil {
+			impl.logger.Errorw("error in getting configMap", "namespace", request.GetNamespace(), "cmName", cmName, "err", err)
+			return nil, err
+		}
+		response[cmName] = configMap
+	}
+	return response, nil
+}
+
+func (impl *K8sCommonServiceImpl) GetDataFromSecrets(ctx context.Context, request *CmCsRequestBean) (map[string]*apiV1.Secret, error) {
+	newCtx, span := otel.Tracer("orchestrator").Start(ctx, "K8sCommonServiceImpl.GetDataFromConfigMaps")
+	defer span.End()
+	response := make(map[string]*apiV1.Secret, len(request.GetExternalCmList()))
+	if len(request.GetExternalCsList()) == 0 {
+		return response, nil
+	}
+	_, v1Client, err := impl.GetCoreClientByClusterId(request.GetClusterId())
+	if err != nil {
+		impl.logger.Errorw("error in getting coreV1 client by clusterId", "clusterId", request.clusterId, "err", err)
+		return nil, err
+	}
+	// using for loop instead of getting all secrets at once since request.GetExternalCsList() will be small
+	for _, csName := range request.GetExternalCsList() {
+		secret, err := impl.K8sUtil.GetSecretWithCtx(newCtx, request.GetNamespace(), csName, v1Client)
+		if err != nil {
+			impl.logger.Errorw("error in getting configMap", "namespace", request.namespace, "csName", csName, "err", err)
+			return nil, err
+		}
+		response[csName] = secret
+	}
+	return response, nil
+}
+
 func (impl *K8sCommonServiceImpl) UpdateResource(ctx context.Context, request *ResourceRequestBean) (*k8s.ManifestResponse, error) {
 	//getting rest config by clusterId
 	clusterId := request.ClusterId
@@ -129,7 +180,7 @@ func (impl *K8sCommonServiceImpl) UpdateResource(ctx context.Context, request *R
 		impl.logger.Errorw("error in updating resource", "err", err, "clusterId", clusterId)
 		statusError, ok := err.(*errors.StatusError)
 		if ok {
-			err = &util2.ApiError{Code: "400", HttpStatusCode: int(statusError.ErrStatus.Code), UserMessage: statusError.Error()}
+			err = &internalUtil.ApiError{Code: "400", HttpStatusCode: int(statusError.ErrStatus.Code), UserMessage: statusError.Error()}
 		}
 		return nil, err
 	}
@@ -382,7 +433,7 @@ func (impl *K8sCommonServiceImpl) GetK8sServerVersion(clusterId int) (*version.I
 	return k8sVersion, err
 }
 
-func (impl *K8sCommonServiceImpl) GetCoreClientByClusterId(clusterId int) (*kubernetes.Clientset, *v1.CoreV1Client, error) {
+func (impl *K8sCommonServiceImpl) GetCoreClientByClusterId(clusterId int) (*kubernetes.Clientset, *clientV1.CoreV1Client, error) {
 	clusterBean, err := impl.clusterService.FindById(clusterId)
 	if err != nil {
 		impl.logger.Errorw("error occurred in finding clusterBean by Id", "clusterId", clusterId, "err", err)
@@ -405,7 +456,7 @@ func (impl *K8sCommonServiceImpl) GetCoreClientByClusterId(clusterId int) (*kube
 	return clientSet, v1Client, nil
 }
 
-func (impl *K8sCommonServiceImpl) GetCoreClientByClusterIdForExternalArgoApps(req *cluster.EphemeralContainerRequest) (*kubernetes.Clientset, *v1.CoreV1Client, error) {
+func (impl *K8sCommonServiceImpl) GetCoreClientByClusterIdForExternalArgoApps(req *cluster.EphemeralContainerRequest) (*kubernetes.Clientset, *clientV1.CoreV1Client, error) {
 	restConfig, err := impl.argoApplicationService.GetRestConfigForExternalArgo(context.Background(), req.ClusterId, req.ExternalArgoApplicationName)
 	if err != nil {
 		impl.logger.Errorw("error in getting rest config", "err", err, "clusterId", req.ClusterId, "externalArgoApplicationName", req.ExternalArgoApplicationName)

pkg/k8s/K8sCommonService.go

@@ -43,6 +43,55 @@ func (r *ResourceRequestBean) IsValidDeploymentType() bool {
 	return r.DeploymentType == bean.HelmInstalledType || r.DeploymentType == bean.ArgoInstalledType || r.DeploymentType == bean.FluxInstalledType
 }
 
+type CmCsRequestBean struct {
+	clusterId      int
+	namespace      string
+	externalCmList []string
+	externalCsList []string
+}
+
+func (req *CmCsRequestBean) SetClusterId(clusterId int) *CmCsRequestBean {
+	req.clusterId = clusterId
+	return req
+}
+
+func (req *CmCsRequestBean) SetNamespace(namespace string) *CmCsRequestBean {
+	req.namespace = namespace
+	return req
+}
+
+func (req *CmCsRequestBean) SetExternalCmList(externalCmList ...string) *CmCsRequestBean {
+	if len(externalCmList) == 0 {
+		return req
+	}
+	req.externalCmList = append(req.externalCmList, externalCmList...)
+	return req
+}
+
+func (req *CmCsRequestBean) SetExternalCsList(externalCsList ...string) *CmCsRequestBean {
+	if len(externalCsList) == 0 {
+		return req
+	}
+	req.externalCsList = append(req.externalCsList, externalCsList...)
+	return req
+}
+
+func (req *CmCsRequestBean) GetClusterId() int {
+	return req.clusterId
+}
+
+func (req *CmCsRequestBean) GetNamespace() string {
+	return req.namespace
+}
+
+func (req *CmCsRequestBean) GetExternalCmList() []string {
+	return req.externalCmList
+}
+
+func (req *CmCsRequestBean) GetExternalCsList() []string {
+	return req.externalCsList
+}
+
 type LogsDownloadBean struct {
 	FileName string `json:"fileName"`
 	LogsData string `json:"data"`

pkg/k8s/bean.go

@@ -20,6 +20,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/Masterminds/semver"
+	"github.com/devtron-labs/devtron/internal/util"
 	"github.com/devtron-labs/devtron/pkg/fluxApplication"
 	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
 	"strings"
@@ -44,6 +45,24 @@ func GetClientErrorMessage(err error) string {
 	return err.Error()
 }
 
+func ParseK8sClientErrorToApiError(err error) *util.ApiError {
+	if apiErr := (&util.ApiError{}); errors.As(err, &apiErr) {
+		// do not change the error if it is already an ApiError
+		return apiErr
+	}
+	// if error is of type k8sErrors.APIStatus, then extract the message from it
+	if status, ok := err.(k8sErrors.APIStatus); ok || errors.As(err, &status) {
+		return util.NewApiError().
+			WithHttpStatusCode(int(status.Status().Code)).
+			WithUserDetailMessage(status.Status().Message).
+			WithInternalMessage(status.Status().Message)
+	}
+	// generic error
+	return util.NewApiError().
+		WithUserDetailMessage(err.Error()).
+		WithInternalMessage(err.Error())
+}
+
 // StripPrereleaseFromK8sVersion takes in k8sVersion and stripe pre-release from semver version and return sanitized k8sVersion
 // or error if invalid version provided, e.g. if k8sVersion = "1.25.16-eks-b9c9ed7", then it returns "1.25.16".
 func StripPrereleaseFromK8sVersion(k8sVersion string) string {
@@ -59,6 +78,11 @@ func StripPrereleaseFromK8sVersion(k8sVersion string) string {
 	return k8sVersion
 }
 
+func NewCmCsRequestBean(clusterId int, namespace string) *CmCsRequestBean {
+	req := &CmCsRequestBean{}
+	return req.SetClusterId(clusterId).SetNamespace(namespace)
+}
+
 func IsClusterStringContainsFluxField(str string) bool {
 	_, err := fluxApplication.DecodeFluxExternalAppId(str)
 	if err != nil {